properly validate username length · socksthewolf.com/skyscheduler@07ab529

socksthewolf.com / skyscheduler

fork atom

Schedule posts to Bluesky with Cloudflare workers. skyscheduler.work

cf tool bsky-tool cloudflare bluesky schedule bsky service social-media cloudflare-workers

fork atom

properly validate username length

was not aware there was a default limit cap

SocksTheWolf 2 months ago 07ab529d 70b8adfb

+5 -3

3 changed files

expand all

unified split

src

auth

index.ts

limits.d.ts

validation

sharedValidations.ts

+2 -2

src/auth/index.ts

··· 5 5 import { drizzle } from "drizzle-orm/d1"; 6 6 import { schema } from "../db"; 7 7 import { Bindings } from "../types"; 8 - import { BSKY_MIN_USERNAME_LENGTH } from "../limits.d"; 8 + import { BSKY_MAX_USERNAME_LENGTH, BSKY_MIN_USERNAME_LENGTH } from "../limits.d"; 9 9 import { lookupBskyHandle } from "../utils/bskyApi"; 10 10 import { createDMWithUser } from "../utils/bskyMsg"; 11 11 ··· 78 78 plugins: [ 79 79 username({ 80 80 minUsernameLength: BSKY_MIN_USERNAME_LENGTH, 81 - maxUsernameLength: 500 81 + maxUsernameLength: BSKY_MAX_USERNAME_LENGTH 82 82 }) 83 83 ], 84 84 rateLimit: {

src/limits.d.ts

··· 78 78 79 79 // BSky limits that are inferred 80 80 export const BSKY_MIN_USERNAME_LENGTH: number = 4; 81 + export const BSKY_MAX_USERNAME_LENGTH: number = 256; // since these are domains, they should be about 256 81 82 export const BSKY_MAX_APP_PASSWORD_LENGTH: number = 20; 82 83 export const MAX_EMBEDS_PER_POST: number = 4; 83 84

+2 -1

src/validation/sharedValidations.ts

··· 1 1 import * as z from "zod/v4"; 2 2 import { appPasswordRegex } from "./regexCases"; 3 - import { BSKY_MAX_APP_PASSWORD_LENGTH, BSKY_MIN_USERNAME_LENGTH, MAX_DASHBOARD_PASS, MIN_DASHBOARD_PASS } from "../limits.d"; 3 + import { BSKY_MAX_APP_PASSWORD_LENGTH, BSKY_MIN_USERNAME_LENGTH, BSKY_MAX_USERNAME_LENGTH, MAX_DASHBOARD_PASS, MIN_DASHBOARD_PASS } from "../limits.d"; 4 4 5 5 export const UsernameSchema = z.object({ 6 6 username: z.string().trim().toLowerCase() 7 7 .nonempty("username is missing") 8 8 .min(BSKY_MIN_USERNAME_LENGTH, "username too short") 9 9 .regex(z.regexes.domain, "username should be in a format like username.bsky.social or a domain") 10 + .max(BSKY_MAX_USERNAME_LENGTH, "username too long") 10 11 .nonoptional() 11 12 }); 12 13